<?php
// Bootstrap: set the marker constant, load the helper files, then start the
// session and open the database connection, in that order.
// NOTE(review): IN_PHP is presumably checked by the included files to refuse
// direct requests; confirm in util.php / functions.php.
define('IN_PHP', true);

// Helper libraries. The functions this script calls but does not define
// (make_safe, user_exists, create_user, do_login, get_user, xmysql_connect)
// presumably come from these two files.
include 'util.php';
include 'functions.php';

// The session must be started before any output is sent.
session_start();

// Project wrapper, defined elsewhere, that opens the database connection.
xmysql_connect();

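// Holds a user-facing failure message; stays NULL when the request succeeded.
$error_message = NULL;

// Student POST variables.
// Every action (create / login / add_contact) posts only a subset of these
// fields, so each key is checked with isset() before it is read. A missing
// field is passed to make_safe() as NULL, which is the value the unchecked read
// produced, but without the E_NOTICE that can break the later header() redirect
// when errors are displayed.
// NOTE(review): make_safe() is defined outside this file. The add_contact INSERT
// relies on it to escape values for SQL; confirm that it does, and that it copes
// with array-valued input (e.g. a field posted as "name[]").
$name = make_safe(isset($_POST['contact_name']) ? $_POST['contact_name'] : NULL);
$bday = make_safe(isset($_POST['birth_day']) ? $_POST['birth_day'] : NULL);
$street = make_safe(isset($_POST['contact_street']) ? $_POST['contact_street'] : NULL);
$city = make_safe(isset($_POST['contact_city']) ? $_POST['contact_city'] : NULL);
$state = make_safe(isset($_POST['contact_state']) ? $_POST['contact_state'] : NULL);
$zip = make_safe(isset($_POST['contact_zip']) ? $_POST['contact_zip'] : NULL);
// NOTE(review): social_id and passport are sensitive identifiers and are not
// used anywhere in this script; confirm they need to be collected here at all.
$socialid = make_safe(isset($_POST['social_id']) ? $_POST['social_id'] : NULL);
$passport = make_safe(isset($_POST['passport']) ? $_POST['passport'] : NULL);
// NOTE(review): passwords go through the same make_safe() filter as display
// fields. If that filter escapes or strips characters, the stored credential
// differs from what the user typed; confirm create_user()/do_login() expect this.
$pwd = make_safe(isset($_POST['password']) ? $_POST['password'] : NULL);
$confirmpwd = make_safe(isset($_POST['confirm_password']) ? $_POST['confirm_password'] : NULL);
$email = make_safe(isset($_POST['email']) ? $_POST['email'] : NULL);
$tel = make_safe(isset($_POST['tel']) ? $_POST['tel'] : NULL);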

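// Dispatch on the posted form action: 'create', 'login' or 'add_contact'.
// A request without an action falls through every branch and does nothing.
// NOTE(review): no anti-CSRF token is checked for any of these state-changing
// actions in this file; confirm whether the included helpers enforce one.
$action = isset($_POST['action']) ? $_POST['action'] : '';

if ($action === 'create') {
	// Creating a new account.
	// NOTE(review): $user is never assigned in this script. Unless an included
	// file defines it, the original code called user_exists()/create_user() with
	// an undefined value. Which posted field is meant to be the username cannot
	// be determined from here, so the branch now fails closed instead of
	// creating an account with an empty name. TODO: assign $user from the
	// intended field.
	$has_user = isset($user) && $user !== '';

	// Strict comparison: with ==, two different numeric-looking passwords such
	// as "1e3" and "1000" compare equal. An empty password is rejected as well.
	$pwd_ok = ($pwd !== '' && $pwd !== NULL && $pwd === $confirmpwd);

	if ($has_user && $pwd_ok && !user_exists($user)) {
		create_user($user, $pwd, $email); // make the user
		do_login($user, $pwd); // log the new user in
		// Redirect to the homepage and stop; nothing after a redirect should run.
		header('Location: index.php');
		exit;
	} else {
		$error_message = "Account creation failed!";
	}
} else if ($action === 'login') {
	if (do_login($email, $pwd)) {
		// Student is logged in; redirect and stop.
		header('Location: index.php');
		exit;
	} else {
		$error_message = "Username or password bad!";
	}
} else if ($action === 'add_contact') {
	// NOTE(review): nothing visible here verifies that a user is logged in
	// before the insert; confirm get_user() enforces an authenticated session.
	// The value from get_user() did not pass through make_safe(), so it is
	// escaped here before being placed in the SQL string. A username stored
	// earlier could otherwise break out of the quoted literal.
	// Assumes xmysql_connect() opened the default mysql link; verify.
	$created_by = mysql_real_escape_string(get_user());
	$stammy_query = "insert into contacts (name, street, city, state, zip, created_by) values('$name', '$street', '$city', '$state', '$zip', '$created_by')";
	if (!mysql_query($stammy_query)) {
		// Keep the database error in the server log; sending mysql_error() to
		// the browser discloses schema and query details.
		error_log('add_contact insert failed: ' . mysql_error());
		die('Error: could not save contact.');
	}
	header('Location: manage.php');
	exit;
}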

// Print the failure message when one of the branches above recorded one.
// Only fixed literals are ever assigned to $error_message in this script.
if (NULL !== $error_message) {
	echo $error_message;
}
?>
